Cybercrime’s where the money is

The good guys seem to be leaving their virtual safe doors wide open.

So says the latest annual report from Trustwave, which paints a disheartening picture about the state of cyber security.

Trustwave experts gathered data from 574 breach investigations conducted by its SpiderLabs team across 15 countries in 2014. In addition, researchers also incorporated proprietary threat intelligence gleaned from the company's five global Security Operations Centers, security scanning and penetration testing results, telemetry from global security technologies, and security research.

Take a deep breath—report highlights include:

• Return on investment. Attackers receive an estimated 1,425% return on their investments in exploit kits and ransomware schemes. They average $84,100 net revenue for each $5,900 investment.

• Weak application security. 98% of applications tested by Trustwave in 2014 had at least one vulnerability. The maximum number of vulnerabilities Trustwave experts found in a single application was 747. The median number of vulnerabilities per application increased 43% in 2014 from the previous year.

• Password problem persists. “Password1" was still the most commonly used password. The estimated time it took Trustwave security testers to crack an eight-character password was one day—and 39% of passwords were eight characters long. The estimated time it takes to crack a ten-character password is 591 days.

• Where victims reside. Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).

• Who criminals target. Retail was the most compromised industry, making up 43% of Trustwave's investigations followed by food and beverage (13%) and hospitality (12%).

• Top assets compromised. 42% of investigations were of ecommerce breaches. Just a bit more, 40%, were point-of-sale breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33% of Trustwave's investigations in 2013 and 40% in 2014. Ecommerce compromises decreased 13 percentage points from 2013 to 2014.

• Data most targeted. In 31% of cases Trustwave investigators found attackers targeted payment card “track data” (up 12 percentage points over 2013). Track data is the information on the back of a payment card that's needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45% in 2013). This means that attackers have shifted their focus back to payment card data.

• Lack of self-detection. Most victims—81%—did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

• How criminals break in. Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94% of POS breaches.

• Spam on the decline. Spam volume continues to decrease, making up 60% of total inbound mail. That’s compared to 69% in 2013 and more than 90% at its peak in 2008. However, 6% of it included a malicious attachment or link, a slight increase from 2013.

Download 2015 Trustwave Global Security Report [Registration required}